Previous page

Next page

Locate page in Contents

Print this page

System Resource Control Parameters in Detail

The UBC parameters can be subdivided into the following categories: primary, secondary, and auxiliary parameters. The primary parameters are the start point for creating a Container configuration from scratch. The secondary parameters are dependent on the primary ones and are calculated from them according to a set of constraints. The auxiliary parameters help improve fault isolation among applications in one and the same Container and the way applications handle errors and consume resources. They also help enforce administrative policies on Containers by limiting the resources required by an application and preventing the application to run in the Container.

Listed below are all the system resource control parameters. The parameters starting with "num" are measured in integers. The parameters ending in "buf" or "size" are measured in bytes. The parameters containing "pages" in their names are measured in 4096-byte pages. The File column indicates that all the system parameters are defined in the corresponding Container configuration files (V).



Primary parameters


The maximal number of processes and threads the Container may create.


The average number of processes and threads.


The number of TCP sockets (PF_INET family, SOCK_STREAM type). This parameter limits the number of TCP connections and, thus, the number of clients the server application can handle in parallel.


The number of sockets other than TCP ones. Local (UNIX-domain) sockets are used for communications inside the system. UDP sockets are used, for example, for Domain Name Service (DNS) queries. UDP and other sockets may also be used in some very specialized applications (SNMP agents and others).


The memory allocation guarantee, in pages (one page is 4 Kb). Container applications are guaranteed to be able to allocate additional memory so long as the amount of memory accounted as privvmpages (see the auxiliary parameters) does not exceed the configured barrier of the vmguarpages parameter. Above the barrier, additional memory allocation is not guaranteed and may fail in case of overall memory shortage.

Secondary parameters


The size of unswappable kernel memory allocated for the internal kernel structures for the processes of a particular Container.


The total size of send buffers for TCP sockets, i.e. the amount of kernel memory allocated for the data sent from an application to a TCP socket, but not acknowledged by the remote side yet.


The total size of receive buffers for TCP sockets, i.e. the amount of kernel memory allocated for the data received from the remote side, but not read by the local application yet.


The total size of UNIX-domain socket buffers, UDP, and other datagram protocol send buffers.


The total size of receive buffers of UDP and other datagram protocols.


The out-of-memory guarantee, in pages (one page is 4 Kb). Any Container process will not be killed even in case of heavy memory shortage if the current memory consumption (including both physical memory and swap) does not reach the oomguarpages barrier.


The size of private (or potentially private) memory allocated by an application. The memory that is always shared among different applications is not included in this resource parameter.

Auxiliary parameters


The memory not allowed to be swapped out (locked with the mlock() system call), in pages.


The total size of shared memory (including IPC, shared anonymous mappings and tmpfs objects) allocated by the processes of a particular Container, in pages.


The total size of RAM used by the Container processes. This is an accounting-only parameter currently. It shows the usage of RAM by the Container. For the memory pages used by several different Containers (mappings of shared libraries, for example), only the corresponding fraction of a page is charged to each Container. The sum of the physpages usage for all Containers corresponds to the total number of pages used in the system by all the accounted users.


The number of files opened by all Container processes.


The number of file locks created by all Container processes.


The number of pseudo-terminals, such as an ssh session, the screen or xterm applications, etc.


The number of siginfo structures (essentially, this parameter limits the size of the signal delivery queue).


The total size of dentry and inode structures locked in the memory.


The number of IP packet filtering entries.

More detailed description of the parameters and the resource control mechanisms governed by these parameters is provided in the following subsections.

In This Section


Primary Parameters

Secondary Parameters

Auxiliary Parameters

Inspecting Resource Control Settings

Please send us your feedback on this help page